VYPR

ELEX WooCommerce Google Shopping (Google Product Feed)

by WordPress

CVEs (2)

  • CVE-2021-25068HigMar 28, 2022
    risk 0.47cvss 7.2epss 0.01

    The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard

  • CVE-2025-10046MedSep 6, 2025
    risk 0.28cvss 4.9epss 0.01

    The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient…